Linux 4.1

Summary: This release adds support for Ext4 encryption, experimental support for managing clustered RAID arrays, a new device mapper target that logs all writes to a device and allows them to be replayed, a driver that exposes the memory in persistent memory systems as a block device, support for disabling multi-user support, support for Multiprotocol Label Switching, which routes packets based on path labels rather than long network addresses, the ability to attach BPF programs to kprobes for better probing, ACPI support for the ARM64 architecture, and a virtual GEM driver that allows improved software rasterizers. There are also new drivers and many other small improvements.

1. Prominent features

1.1. Ext4 encryption support

Linux already has support for data encryption facilities such as dm-crypt or ecryptfs, but they have performance and memory consumption costs. The Ext4 filesystem now supports encryption: both data and file names can be encrypted with a key provided by the user. The key is used for the files of a directory and all its subdirectories. When reading, if a valid key is not provided, only the encrypted file names can be read, not the decrypted ones, and the encrypted data cannot be read.

To use this feature, you need e2fsprogs version 1.43 and the keyutils software. A small howto can be found here.

1.2. Experimental cluster support for MD

This release adds clustering support for MD (Linux software RAID). Cluster MD is a shared-device RAID for a cluster. It enables locking and synchronization across multiple systems on the cluster, so all nodes in the cluster can access the MD devices simultaneously, bringing the redundancy (and uptime) of RAID levels across the nodes of the cluster. Currently, the implementation is limited to RAID1, but with further work (and some positive feedback) it could be extended to other RAID levels. The code in this version is highly experimental and not recommended for use except for experimentation.

1.3. Device mapper: new target that logs writes

The device mapper layer introduces a new target that logs all write operations to a separate device, for later replay. The motivation behind this is to give file system developers a tool to verify that the file system is always consistent at particular points in its life by allowing them to replay the log in a variety of ways.

1.4. Single user support

It may seem strange that a multi-user system such as Linux would consider a return to the past, such as a single-user operating mode, a feature. But it turns out that there are embedded targets that want to make Linux as small as possible and don't care about multi-user separation. In this release, it's possible to configure the kernel without multi-user support; under this option, UID and GID are zero in every possible case and processes always have all capabilities.

1.5. Virtual GEM driver for improved software rasterizers

The vGEM (virtual graphics memory manager) DRM driver allows importing GEM objects from other graphics drivers and mmap-ing them to user space, which can use them as a GEM shared memory handler. This makes it a lot easier to do certain things when you have no GPU but still have to deal with DRI expectations. It's used by Mesa's software renderer for enhanced performance.

1.6. Block device for persistent memory

There are new types of memory that can be accessed almost as fast as RAM, but don't lose data after powering off the system. This kind of memory is called persistent memory. In this release Linux includes PMEM, a driver that presents a reserved range of memory as a block device, which can be used by file systems. This is useful for developing with non-volatile DIMMs, and can be used with volatile memory as a development platform.

1.7. Multiprotocol Label Switching

This release adds support for Multiprotocol Label Switching (MPLS). MPLS is a scalable, protocol-independent networking transport that directs data from one network node to the next based on short path labels rather than long network addresses, avoiding complex lookups in a routing table, because packet-forwarding decisions are made solely on the contents of the label, without the need to examine the packet itself. The labels identify virtual links (paths) between distant nodes rather than endpoints. MPLS can encapsulate packets of various network protocols.

1.8. BPF programs can be attached to kprobes

In this release, Linux allows small BPF programs to be attached to kprobes, providing a safe way to execute user-defined BPF byte-code programs without being able to crash or hang the kernel in any way. The BPF engine makes sure that such programs have a finite execution time and that they cannot break out of their sandbox. This allows user-defined instrumentation on a live kernel image that can never crash, hang or interfere with the kernel negatively. In this release, it's limited to root only.

1.9. ACPI support for the ARM64 architecture

For a long time, ACPI has mostly been an x86 feature. Despite the controversies, some parts of the ARM world have been pushing for ACPI support. In this release, Linux adds preliminary ACPI 5.1 support to the arm64 architecture.

2. Drivers and architectures

3. Core (various)

Users can change the maximum number of threads by writing to /proc/sys/kernel/threads-max commit

Add support for FALLOC_FL_INSERT_RANGE in fallocate(). It is the opposite of FALLOC_FL_COLLAPSE_RANGE: it creates space for writing new data within a file by shifting extents to the right by the given length commit

Power management: add configurable delay for pm_test, so users can determine how long to wait in this pseudo-suspend state before resuming the system commit

hugetlbfs: Add 'min_size=<value>' mount option. This option takes the same value as the 'size' option. min_size can be specified without specifying size. If both are specified, min_size must be less than or equal to size, else the mount will fail. If min_size is specified, then at mount time an attempt is made to reserve min_size pages. If the reservation fails, the mount fails. At umount time, the reserved pages are released commit, commit

perf kmem: perf kmem records and analyzes kernel memory allocation only for SLAB objects. A new option, --page, has been added; it implements a simple page allocator analyzer using the kmem:mm_page_alloc and kmem:mm_page_free events. The SLAB analysis is available through the --slab option commit

11. Networking

Extends the "classic" BPF programmable tc classifier by widening its scope to native eBPF code, thus allowing userspace to implement its own custom, 'safe' C-like classifiers that can then be compiled with the LLVM eBPF backend to an eBPF ELF file, loaded into the kernel via iproute2's tc, and JITed in the kernel commit, commit, commit, commit

ipv6: generation of stable privacy addresses for link-local and autoconf as specified in RFC7217 commit

ipvs: allow rescheduling of new connections when port reuse is detected. Currently, when TCP/SCTP port reusing happens, IPVS will find the old entry and use it for the new one, behaving like a forced persistence. A new sysctl has been introduced, conn_reuse_mode, that allows controlling how to proceed when port reuse is detected commit

nf_tables: Support instantiating stateful expressions, based on a template, that are associated with dynamically created set entries. The expressions are evaluated when adding or updating the set element. This makes it possible to maintain per-flow state using the existing set infrastructure and expression types, with arbitrary definitions of a flow commit

Support the "connectable mode" adv flag commit, support the "discoverable" adv flag commit, support the "limited-discoverable" adv flag commit, support the "managed-flags" adv flag commit, support the "tx-power" adv flag commit
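
The RFC 7217 scheme behind the "stable privacy addresses" entry in the networking list above, as an added Python example (not kernel code): the interface identifier is derived from a secret key and the prefix, so the address stays fixed within one network, differs between networks, and does not embed the MAC the way modified EUI-64 does. HMAC-SHA256 as F, the MAC as Net_Iface, the DAD retry limit and all sample values are assumptions of this example.

```python
import hashlib
import hmac
import ipaddress

MAX_DAD_RETRIES = 3  # constructed limit for this example


def is_reserved_iid(iid: int) -> bool:
    # RFC 5453: subnet-router anycast (all zeros) and the reserved subnet anycast range
    return iid == 0 or 0xFDFFFFFFFFFFFF80 <= iid <= 0xFDFFFFFFFFFFFFFF


def stable_iid(net, net_iface: bytes, network_id: bytes, dad_counter: int, secret_key: bytes) -> int:
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key); IID = low 64 bits."""
    fields = [net.network_address.packed, bytes([net.prefixlen]), net_iface,
              network_id, dad_counter.to_bytes(4, "big")]
    # Length-prefix every field so different inputs never concatenate to the same message.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    rid = hmac.new(secret_key, msg, hashlib.sha256).digest()  # F is an assumption here
    return int.from_bytes(rid[-8:], "big")


def stable_address(prefix: str, net_iface: bytes, secret_key: bytes,
                   network_id: bytes = b"", in_use=frozenset()):
    """Return the first non-reserved, non-conflicting address for this prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this example only handles /64 prefixes")
    for dad_counter in range(MAX_DAD_RETRIES):
        iid = stable_iid(net, net_iface, network_id, dad_counter, secret_key)
        addr = net[iid]
        if not is_reserved_iid(iid) and addr not in in_use:
            return addr
    raise RuntimeError("no usable address after DAD retries")


def eui64_address(prefix: str, mac: bytes):
    """Legacy modified EUI-64 address: the MAC is recoverable from the address."""
    b = bytearray(mac[:3] + b"\xff\xfe" + mac[3:])
    b[0] ^= 0x02  # flip the universal/local bit
    return ipaddress.IPv6Network(prefix)[int.from_bytes(b, "big")]


if __name__ == "__main__":
    mac = bytes.fromhex("001122334455")    # constructed sample MAC
    key = bytes.fromhex("00" * 15 + "01")  # constructed secret; use a random one in practice
    for pfx in ("fe80::/64", "2001:db8:1::/64", "2001:db8:2::/64"):
        print(pfx, eui64_address(pfx, mac), stable_address(pfx, mac, key))
```

The EUI-64 column shows the same MAC-derived suffix under every prefix, which is what allows a host to be tracked across networks; the RFC 7217 column changes with the prefix.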